syzbot

 sign-in | mailing list | source | docs
🐞 Open [985] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in inet6_lhash2_lookup / inet_put_port

Status: auto-closed as invalid on 2020/08/13 20:37
Subsystems: net
[Documentation on labels]
First crash: 1380d, last: 1380d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in inet6_lhash2_lookup / inet_put_port

write to 0xffff888121aec20e of 2 bytes by task 15812 on cpu 1:
 __inet_put_port net/ipv4/inet_hashtables.c:115 [inline]
 inet_put_port+0x112/0x1b0 net/ipv4/inet_hashtables.c:123
 tcp_v4_destroy_sock+0x283/0x450 net/ipv4/tcp_ipv4.c:2191
 tcp_v6_destroy_sock+0x11/0x20 net/ipv6/tcp_ipv6.c:1892
 inet_csk_destroy_sock+0xe7/0x270 net/ipv4/inet_connection_sock.c:881
 tcp_close+0x74a/0x8f0 net/ipv4/tcp.c:2570
 inet_release+0xc6/0xe0 net/ipv4/af_inet.c:428
 inet6_release+0x3a/0x50 net/ipv6/af_inet6.c:475
 __sock_release net/socket.c:605 [inline]
 sock_close+0x6c/0x150 net/socket.c:1278
 __fput+0x1df/0x460 fs/file_table.c:281
 ____fput+0x11/0x20 fs/file_table.c:314
 task_work_run+0x8e/0x110 kernel/task_work.c:135
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop arch/x86/entry/common.c:239 [inline]
 __prepare_exit_to_usermode+0x1c6/0x230 arch/x86/entry/common.c:269
 __syscall_return_slowpath+0x47/0x60 arch/x86/entry/common.c:352
 do_syscall_64+0x5d/0xb0 arch/x86/entry/common.c:393
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff888121aec20e of 2 bytes by task 15817 on cpu 0:
 compute_score net/ipv6/inet6_hashtables.c:99 [inline]
 inet6_lhash2_lookup+0xe9/0x380 net/ipv6/inet6_hashtables.c:130
 inet6_lookup_listener+0x14f/0x180 net/ipv6/inet6_hashtables.c:173
 __inet6_lookup include/net/inet6_hashtables.h:77 [inline]
 __inet6_lookup_skb include/net/inet6_hashtables.h:93 [inline]
 tcp_v6_rcv+0x8e0/0x23f0 net/ipv6/tcp_ipv6.c:1587
 ip6_protocol_deliver_rcu+0x71b/0xc60 net/ipv6/ip6_input.c:433
 ip6_input_finish net/ipv6/ip6_input.c:474 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip6_input+0x76/0x120 net/ipv6/ip6_input.c:483
 dst_input include/net/dst.h:441 [inline]
 ip6_rcv_finish+0x1d5/0x260 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ipv6_rcv+0x88/0x140 net/ipv6/ip6_input.c:307
 __netif_receive_skb_one_core net/core/dev.c:5281 [inline]
 __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5395
 netif_receive_skb_internal+0x3a/0x130 net/core/dev.c:5497
 netif_receive_skb+0x1b/0x1d0 net/core/dev.c:5556
 tun_rx_batched drivers/net/tun.c:1516 [inline]
 tun_get_user+0x1c2c/0x1e30 drivers/net/tun.c:1970
 tun_chr_write_iter+0xb0/0x100 drivers/net/tun.c:1999
 call_write_iter include/linux/fs.h:1907 [inline]
 new_sync_write fs/read_write.c:484 [inline]
 __vfs_write+0x2d8/0x340 fs/read_write.c:497
 vfs_write+0x19b/0x350 fs/read_write.c:559
 ksys_write+0xce/0x180 fs/read_write.c:612
 __do_sys_write fs/read_write.c:624 [inline]
 __se_sys_write fs/read_write.c:621 [inline]
 __x64_sys_write+0x3e/0x50 fs/read_write.c:621
 do_syscall_64+0x51/0xb0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 15817 Comm: syz-executor.4 Not tainted 5.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/07/09 20:29 upstream 0bddd227f3dc edf162e8 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.